From 7a76219774f3b6b18e2382280b4b85bfb0513367 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 2 Dec 2008 01:21:39 +0000 Subject: [PATCH] Implement Configure option pattern "experimental-foo" (specifically, "experimental-jpake"). --- CHANGES | 14 ++++--- Configure | 85 ++++++++++++++++++++++++++++------------ apps/Makefile | 23 ++++++----- crypto/aes/Makefile | 7 +++- crypto/camellia/Makefile | 19 +++++---- crypto/err/Makefile | 23 ++++++----- crypto/evp/Makefile | 1 + crypto/jpake/jpaketest.c | 2 +- test/Makefile | 9 +---- 9 files changed, 110 insertions(+), 73 deletions(-) diff --git a/CHANGES b/CHANGES index 034b46d08a..213927b375 100644 --- a/CHANGES +++ b/CHANGES @@ -730,15 +730,19 @@ Changes between 0.9.8i and 0.9.8j [xx XXX xxxx] *) Allow the CHIL engine to be loaded, whether the application is - multithreaded or not. (This does not release the developer from the - obligation to set up the dynamic locking callbacks.) - [Sander Temme ] + multithreaded or not. (This does not release the developer from the + obligation to set up the dynamic locking callbacks.) + [Sander Temme ] *) Use correct exit code if there is an error in dgst command. [Steve Henson; problem pointed out by Roland Dirlewanger] - *) Add JPAKE support, including demo authentication in s_client and - s_server. + *) Tweak Configure so that you need to say "experimental-jpake" to enable + JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications. + [Bodo Moeller] + + *) Add experimental JPAKE support, including demo authentication in + s_client and s_server. [Ben Laurie] *) Set the comparison function in v3_addr_canonize(). diff --git a/Configure b/Configure index 9ac8d0f2c2..87e5abbb26 100755 --- a/Configure +++ b/Configure @@ -10,7 +10,7 @@ use strict; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # @@ -645,8 +645,9 @@ my $perl; # All of the following is disabled by default (RC5 was enabled before 0.9.8): -my %disabled = ( # "what" => "comment" +my %disabled = ( # "what" => "comment" [or special keyword "experimental"] "gmp" => "default", + "jpake" => "experimental", "mdc2" => "default", "rc5" => "default", "rfc3779" => "default", @@ -654,13 +655,20 @@ my %disabled = ( # "what" => "comment" "zlib" => "default", "zlib-dynamic" => "default" ); +my @experimental = (); -# Additional "no-..." options will be collected in %disabled. -# To remove something from %disabled, use e.g. "enable-rc5". -# For symmetry, "disable-..." is a synonym for "no-...". +# This is what $depflags will look like with the above defaults +# (we need this to see if we should advise the user to run "make depend"): +my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779"; -# This is what $depflags will look like with the above default: -my $default_depflags = "-DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 "; + +# Explicit "no-..." options will be collected in %disabled along with the defaults. +# To remove something from %disabled, use "enable-foo" (unless it's experimental). +# For symmetry, "disable-foo" is a synonym for "no-foo". + +# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable. +# We will collect such requests in @experimental. +# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO. my $no_sse2=0; @@ -669,6 +677,7 @@ my $no_sse2=0; my $flags; my $depflags; +my $openssl_experimental_defines; my $openssl_algorithm_defines; my $openssl_thread_defines; my $openssl_sys_defines=""; @@ -689,6 +698,7 @@ while($argv_unprocessed) { $flags=""; $depflags=""; + $openssl_experimental_defines=""; $openssl_algorithm_defines=""; $openssl_thread_defines=""; $openssl_sys_defines=""; @@ -714,25 +724,35 @@ PROCESS_ARGS: if (/^no-(.+)$/ || /^disable-(.+)$/) { - if ($1 eq "ssl") + if (!($disabled{$1} eq "experimental")) { - $disabled{"ssl2"} = "option(ssl)"; - $disabled{"ssl3"} = "option(ssl)"; - } - elsif ($1 eq "tls") - { - $disabled{"tls1"} = "option(tls)" - } - else + if ($1 eq "ssl") + { + $disabled{"ssl2"} = "option(ssl)"; + $disabled{"ssl3"} = "option(ssl)"; + } + elsif ($1 eq "tls") + { + $disabled{"tls1"} = "option(tls)" + } + else + { + $disabled{$1} = "option"; + } + } + } + elsif (/^enable-(.+)$/ || /^experimental-(.+)$/) + { + my $algo = $1; + if ($disabled{$algo} eq "experimental") { - $disabled{$1} = "option"; + die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n" + unless (/^experimental-/); + push @experimental, $algo; } - } - elsif (/^enable-(.+)$/) - { - delete $disabled{$1}; + delete $disabled{$algo}; - $threads = 1 if ($1 eq "threads"); + $threads = 1 if ($algo eq "threads"); } elsif (/^--test-sanity$/) { @@ -962,7 +982,7 @@ foreach (sort (keys %disabled)) push @skip, $algo; print " (skip dir)"; - $depflags .="-DOPENSSL_NO_$ALGO "; + $depflags .= " -DOPENSSL_NO_$ALGO"; } } } @@ -970,6 +990,16 @@ foreach (sort (keys %disabled)) print "\n"; } +my $exp_cflags = ""; +foreach (sort @experimental) + { + my $ALGO; + ($ALGO = $_) =~ tr/[a-z]/[A-Z]/; + + # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined + $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n"; + $exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO"; + } my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; @@ -1022,6 +1052,8 @@ my $shared_extension = $fields[$idx_shared_extension]; my $ranlib = $fields[$idx_ranlib]; my $arflags = $fields[$idx_arflags]; +$cflags = "$cflags$exp_cflags"; + # '%' in $lflags is used to split flags to "pre-" and post-flags my ($prelflags,$postlflags)=split('%',$lflags); if (defined($postlflags)) { $lflags=$postlflags; } @@ -1406,7 +1438,7 @@ while () } s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; s/^CFLAG=.*$/CFLAG= $cflags/; - s/^DEPFLAG=.*$/DEPFLAG= $depflags/; + s/^DEPFLAG=.*$/DEPFLAG=$depflags/; s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/; s/^EX_LIBS=.*$/EX_LIBS= $lflags/; s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; @@ -1538,6 +1570,7 @@ print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configur print OUT "/* OpenSSL was configured with the following options: */\n"; my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; +$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg; $openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg; $openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; $openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq ""; @@ -1546,8 +1579,10 @@ $openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/ $openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; print OUT $openssl_sys_defines; print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n"; +print OUT $openssl_experimental_defines; +print OUT "\n"; print OUT $openssl_algorithm_defines; -print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n"; +print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n"; print OUT $openssl_thread_defines; print OUT $openssl_other_defines,"\n"; diff --git a/apps/Makefile b/apps/Makefile index 20975c2a3f..1718538c26 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -188,18 +188,17 @@ apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h apps.o: ../include/openssl/engine.h ../include/openssl/err.h -apps.o: ../include/openssl/evp.h ../include/openssl/jpake.h -apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h -apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h -apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h -apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -apps.o: ../include/openssl/x509v3.h apps.c apps.h +apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h +apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h +apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h +apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +apps.o: ../include/openssl/sha.h ../include/openssl/stack.h +apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +apps.o: ../include/openssl/ui.h ../include/openssl/x509.h +apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index 4c22daf86f..0ebd4a2642 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -107,8 +107,11 @@ aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h aes_cfb.o: aes_cfb.c aes_locl.h aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h -aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h +aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/crypto.h +aes_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +aes_ctr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +aes_ctr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +aes_ctr.o: ../../include/openssl/symhacks.h aes_ctr.c aes_locl.h aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h diff --git a/crypto/camellia/Makefile b/crypto/camellia/Makefile index 223a807481..6154f81347 100644 --- a/crypto/camellia/Makefile +++ b/crypto/camellia/Makefile @@ -81,19 +81,22 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -camellia.o: camellia.c camellia.h cmll_locl.h -cmll_cbc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h +camellia.o: ../../include/openssl/opensslconf.h camellia.c camellia.h +camellia.o: cmll_locl.h +cmll_cbc.o: ../../include/openssl/camellia.h cmll_cbc.o: ../../include/openssl/opensslconf.h cmll_cbc.c cmll_locl.h cmll_cfb.o: ../../e_os.h ../../include/openssl/camellia.h cmll_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h cmll_cfb.o: cmll_cfb.c cmll_locl.h -cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h -cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c cmll_locl.h -cmll_ecb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h +cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h +cmll_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +cmll_ctr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cmll_ctr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +cmll_ctr.o: ../../include/openssl/symhacks.h cmll_ctr.c cmll_locl.h +cmll_ecb.o: ../../include/openssl/camellia.h cmll_ecb.o: ../../include/openssl/opensslconf.h cmll_ecb.c cmll_locl.h -cmll_misc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h +cmll_misc.o: ../../include/openssl/camellia.h cmll_misc.o: ../../include/openssl/opensslconf.h cmll_misc.o: ../../include/openssl/opensslv.h cmll_locl.h cmll_misc.c -cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h +cmll_ofb.o: ../../include/openssl/camellia.h cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_locl.h cmll_ofb.c diff --git a/crypto/err/Makefile b/crypto/err/Makefile index 3581d10178..862b23ba17 100644 --- a/crypto/err/Makefile +++ b/crypto/err/Makefile @@ -90,18 +90,17 @@ err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -err_all.o: ../../include/openssl/jpake.h ../../include/openssl/lhash.h -err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -err_all.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h -err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h -err_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h -err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -err_all.o: err_all.c +err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h +err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +err_all.o: ../../include/openssl/ts.h ../../include/openssl/ui.h +err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +err_all.o: ../../include/openssl/x509v3.h err_all.c err_prn.o: ../../e_os.h ../../include/openssl/bio.h err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index a112edfdb7..7e0a9286ee 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -307,6 +307,7 @@ e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c +e_xcbc_d.o: evp_locl.h encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/jpake/jpaketest.c b/crypto/jpake/jpaketest.c index 74d65b909f..eaba75ed8a 100644 --- a/crypto/jpake/jpaketest.c +++ b/crypto/jpake/jpaketest.c @@ -1,5 +1,5 @@ - #include + #ifdef OPENSSL_NO_JPAKE #include diff --git a/test/Makefile b/test/Makefile index 33e6f0c8c7..5f8dc741d8 100644 --- a/test/Makefile +++ b/test/Makefile @@ -572,14 +572,7 @@ ideatest.o: ../include/openssl/opensslconf.h ideatest.c igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h igetest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h igetest.o: ../include/openssl/rand.h igetest.c -jpaketest.o: ../include/openssl/bio.h ../include/openssl/bn.h -jpaketest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -jpaketest.o: ../include/openssl/err.h ../include/openssl/jpake.h -jpaketest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -jpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -jpaketest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -jpaketest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -jpaketest.o: jpaketest.c +jpaketest.o: ../include/openssl/opensslconf.h jpaketest.c md2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h md2test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h md2test.o: ../include/openssl/evp.h ../include/openssl/md2.h -- GitLab